Solved

How to duplicate a WebRamp 300e with Linux

Posted on 2000-02-27
Last Modified: 2010-03-18
The WebRamp 300e is an analog router that accepts 1 to three modems (www.rampnet.com). It is programmed via a web interface with a phone number, username and password, and it sets its IP address to be 192.168.1.1 and serves DHCP to win and Linux clients.
If I get a static ip from my isp it is obviously assigned to the router. I can (and this is what I would like to know how they do it) create a visible (their term) computer. This means that all traffic to this static ip is routed to the visible computer on a private address like 192.168.1.2. The net effect is that from the inside network the visible computer's address is 192.168.1.2 and from the outside Internet the ip address of this same computer is the static address my isp defined.
But there is an exception, traffic from the outside to the static ip can be directed to the router if it is web or ftp traffic.
There is another exception, instead of a visible computer a local application (webramp term) can be created where a specific 192.168.1.x address is associated with a specific tcpip/port.
This lets me take a single valid ip address and assign different services to different physical computers behind the router.
Where do I go to start emulating this behavior? I suspect IP/chains. Also is the CNAME deal going to be part of this?



Author Comment

by:davidpm
ID: 2563091
I'm not sure if I was clear but the main purpose of this box is to share one IP address, isp account and modem with multiple windows clients on a network at the same time.
I know IP chains can do this but what about the other features
modem 2 and 3
visible computer
application server

One significant limitation to this box is the limit of one ip address per modem.
Is this a limitation of this box only or could I with linux have a single dial-up connection and connect several windows clients behind the linux box with real internet address and not use NAT?

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2563534
Oh where to start...

IPchains & IP Masq can do most, but not all of what the WebRamp box does. Certainly, that combination can provide NAT (well, strictly speaking they provide NPAT (Network Port-Address Translation)). And they can port-forward services in to specific internal computers. They only provide a many-to-one address translation service, so you can't have the "visible computer" that the WebRamp box has as there isn't a mechanism for static IP translation.

There is an alternative to consider in ipfilter (http://cheops.anu.edu.au/~avalon/ip-filter.html). It can do firewalling, NPAT (many-to-one) and true NAT (one-to-one) dynamically and with static translations. Ipfilter really starts to be useful when you have a netblock of external IP's to play with. In that case you can do traditional static translations to conduit external requests to internal servers.

Any Linux box can provide DHCP services, and there can be other servers (web, ftp, etc) running on the box to provide services to external clients.

Neither of these approaches quite does what the WebRamp box can do. They can do part of the job, but not everything.

As to the multiple modem capability. Yes Linux can have multiple modems, and it can do some of the things the WebRamp box does. I suspect that it's not as easy to set up as the WebRamp and can't do quite as much. My reading of the docs implies that not only can it do multi-link PPP to an ISP that supports same. It can also do bandwidth on demand over separate links (multi-path in router terms). The box itself (or ppp in general) doesn't limit you to one IP address per modem. That is a function of what the ISP is willing to do. If they are willing to assign an IP netblock (and you are willing to pay for it) you can have as many IP's for local use as desired. The ppp link in this case becomes a network link rather than a remote mode.

Okay, time for questions...

 
0
 

Author Comment

by:davidpm
ID: 2563645
I read on another forum that samba and IP Masq can not run on the same computer. Is this true? I hope not.

I'm not sure what the following means.
>>They only provide a many-to-one address translation service, so you can't have the "visible computer" that the WebRamp box has as there isn't a mechanism for static IP translation.

Have you used IPfilter on redhat? They only mention bsd etc. on their webpage.

Can Linux support multilink PPP? How?
Bandwidth on demand?

What are the differences?
>It can do firewalling, NPAT (many-to-one) and true NAT (one-to-one) dynamically and with static translations.

The most interesting possibility is the one of running a netblock over a PPP line. I have a lot of pull with my ISP and I have clients that would like PCAnywhere access to multiple computers via the internet and can only get analog service in their town.
The webramp supports only one ip per modem.

Also back to an earlier thought. Is there any time you know of where an entry in host name other than localmachine.localdomain is appropriate? I am bugged about this because of the following quote from "Linux for Dummies"
(no comments re the quality of my reference source)
"When the Network Configurator dialog box first appears, it doesn't contain any information other than localhost.localdomain in the hostname field. Leave this information alone, because your ISP will probably not be supplying you with a permanent identity for your system other than that your e-mail name and account on their server."
This implies to me that it should be changed under some circumstances.



0
 
LVL 40

Expert Comment

by:jlevie
ID: 2563798
In reverse order of the questions...

As to the localhost.localdomain question. "The Official Red Hat Linux Reference Guide" (for RH 6.1, from RedHat) says on page 109:

"The "Host name" tab will request a host name, which should be specified by default unless you did not setup your networking during the installation process. If it is not already specified, please take the time now to configure it. It should be specified at (ed, sp?) localhost.localdomain. Skip this tab. Select the tab for Adaptor 1."

I take that to mean that "Host name" should always be localhost.localdomain.

Regarding netblocks. A netblock is the ideal way to do something like you have in mind. First you have more IP addresses to work with, which simplifies the process of providing services on multiple server boxes. Second all of the issues that can arise when doing NPAT are neatly side stepped. Internal hosts can have either static or dynamic address translation. This means that if an internal host needs to always get the same external IP it can be done (static translation). Other hosts can simply get any free IP address from a pool of external addresses (dynamic translation). When using dynamic translation you typically have more inside hosts than the pool size as not all will need an external IP at the same time. Ratios from 2:1 to 8:1 are fairly common, with a number of vendors recommending about 4:1 (four inside hosts for every external IP).

The ppp protocol is restricted to a single IP at each end of the link. This doesn't mean that a ppp connection can't be used to implement a netblock (or network) connection. Right now I've got a Cisco ISDN router that connects via ppp over ISDN to my network at work and links my local (Class C home LAN) to the work network. The ppp link does have to be a network unto itself, but it only has to have two usable IP's (a netblock of 4). The rest is just routing issues.

NPAT (many-to-one) means that many internal hosts will be translated to one external IP via port translation, hence the term "Network Port Address Translation". This is also referred to as PAT ("Port Address Translation"). NAT (one-to-one) means that any time an inside client needs to use the Internet the router/firewall will assign a unique external IP, either a static or dynamic (see above).

The rest will have to wait for tomorrow...
0
 
LVL 7

Expert Comment

by:lewisg
ID: 2563818
>> I read on another forum that samba and IP Masq can not run on the same computer. Is this true? I hope not.

NOT TRUE. I am running both on several machines.
0
 

Author Comment

by:davidpm
ID: 2571161
Am I right in guessing that the place to start is to:
1. Get a modem working with Linux
2. Get a Win 98 box to work through the Linux box with IPMask.

What about the multimodem concept. Is multilink ppp available for example?

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2571309
You start from either the inside or the outside network, it really doesn't matter. Just make one side work right, then add the other. With what you've learned so far, there's probably a slight advantage to starting with the modem as that will be more of an unknown than setting up the inside network. Configuring IP Masq isn't all that difficult for relatively simple environments.

There's quite a bit of good information about ppp (though a touch dated) in http://www.redhat.com/mirrors/LDP/HOWTO/PPP-HOWTO.html. And yes you can do multilink ppp, see http://linux-mp.terz.de/ for one way, there may be others.
0
 

Author Comment

by:davidpm
ID: 2594186
I have to run another phone line to the lab to test this stuff out. I'm concentrating on the samba stuff now and will get back to this one in a few days. Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2662642
This question appears to have stalled out...
0

Author Comment

by:davidpm
ID: 2662772
Yes, sorry about that. I have to get another phone line to my lab to start testing this stuff.
Will be away this week but back in the saddle next week.
One problem I run into all the time, including today.
Client with a cable modem only one IP address is available from the cable company. I use 192.168.1.x/24 for the internal network.

They always want to be able to get to any specific machine from the outside with a remote control product.
Is this possible? Maybe by forcing the remote control product to use port x for host 1, x+1 for host 2 etc. Have you ever done/thought about this sort of thing?
With the webramp and the visible computer I can pick one host to connect to but not more.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2664054
That's a common problem with all NPAT implementations, since it's doing a port forward to the inside IP. If you can set the ports that the service uses (on both ends of course) then, yes you should be able to port forward each of the sequential ports to unique inside machines.
0
 

Author Comment

by:davidpm
ID: 2670290
Something just came up again today. Some of our services, DSL for example, charge extra for ip addresses. For example if I have 50 hosts but only 5 need static ip addresses. For example one host needs pc anywhere access, one is a web server, and a couple share a database through IP. Is there a way I could use NPAT with 192.68.1.x addresses for all 50 hosts then associate the 4 extra routable addresses with a 192.168.1.x address at the router side? Sort of a one-to-one mapping. This way each host would have a local 192 address and 4 hosts would also have an externally available real address and we only have to pay for 5.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2671084
Not with ipchains, it can only do NPAT. Unfortunately it won't work on anything but a 2.0.x Linux kernel, but ipfilters can do real NAT (& firewalling) of all persuasions (many-to-one, many-to-a-pool, and one-to). You can mix'n'match the NAT forms in the same box. It works fine under FreeBSD and Solaris x86 and makes a dynamite gateway. The homepage for is: http://cheops.anu.edu.au/~avalon/ip-filter.html
0
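Added example (not from any poster in this thread, and not ipchains or ipfilter code): a small Python model of the gateway discussed in the comments above, with static one-to-one NAT for a few hosts, sequential port forwards on the shared address, and NPAT for every other host. The 203.0.113.x addresses, base port 5000 and the `Gateway` and `exposure` names are constructed for illustration; a real gateway also keys NPAT entries on protocol and remote endpoint.

```python
# Toy translation table for a NAT gateway; all addresses and ports are constructed.
SHARED_IP = "203.0.113.1"   # the one public address all NPAT hosts share
STATIC = {                  # one-to-one (static NAT) mappings: public -> inside
    "203.0.113.2": "192.168.1.2",
    "203.0.113.3": "192.168.1.3",
}
BASE_PORT = 5000            # hypothetical remote-control port "x"
# Port forwards on the shared address: port x -> host 1, x+1 -> host 2, ...
FORWARDS = {(SHARED_IP, BASE_PORT + i): (f"192.168.1.{10 + i}", BASE_PORT + i)
            for i in range(3)}


class Gateway:
    def __init__(self):
        self.npat = {}          # (public ip, public port) -> (inside ip, inside port)
        self.next_port = 40000  # next free public port for NPAT sessions

    def outbound(self, src_ip, src_port):
        """Public (ip, port) that an inside connection appears to come from."""
        for public_ip, inside_ip in STATIC.items():
            if inside_ip == src_ip:
                return public_ip, src_port       # static NAT keeps the port
        public = (SHARED_IP, self.next_port)
        self.next_port += 1
        self.npat[public] = (src_ip, src_port)   # remembered so replies get back
        return public

    def inbound(self, dst_ip, dst_port):
        """Inside (ip, port) for a packet from the Internet, or None to drop it."""
        if dst_ip in STATIC:
            return STATIC[dst_ip], dst_port      # every port reaches the inside host
        key = (dst_ip, dst_port)
        return FORWARDS.get(key) or self.npat.get(key)


def exposure():
    """Inside hosts reachable from outside with no session open (the review list)."""
    reach = {inside: "all ports" for inside in STATIC.values()}
    for (_, public_port), (inside, _) in FORWARDS.items():
        reach[inside] = [public_port]
    return reach
```

`exposure()` makes the trade-off visible: a statically mapped host is reachable on every port it listens on, so it needs its own filter rules, while a port-forwarded host is reachable on one port only.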
 

Author Comment

by:davidpm
ID: 2671153
I'll take another look at that one. You mentioned it early on but I missed it somehow.
0
 

Author Comment

by:davidpm
ID: 2671166
I'm a little afraid of it because I have never used freebsd only linux.
0
 

Author Comment

by:davidpm
ID: 2671170
Are there any similar projects in linux?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 2671354
I don't know of any projects to give Linux the kind of functionality that ipfilters has, but someone might be working on it. It's possible that ipfilters could be made to work under Linux. Right now it takes a kernel source mod, and while that was done for the 2.0.x kernel it has never been updated for the 2.2.x kernels, so far as I've been able to determine. I think I understand the problem, and to some degree agree with the author's view. All of the OS's that ipfilters works on do have a much cleaner interface into the networking structure that doesn't require something as dramatic as modifying the kernel source.

0
 

Author Comment

by:davidpm
ID: 2761354
I'm not going to be able to get to this project due to other more pressing learning requirements. Your insights were excellent, thank you. When I get back to this subject I'm sure I'll need more help to actually make it work.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2761438
Okay...
0
